Yes, you’re right Google’s reCAPTCHA does not support arithmetic challenges.
But why stick to a requirement of arithmetic challenges if the user does not need to be challenged at all? E.g. if the user’s validity can be deduced from other behavioural factors at forehand?
If only the most suspicious visits will need validation, I would prefer that above presenting every visitor an arithmetic challenge.
Have a look at this page about the different ways reCAPTCHA validates the visitor. The aim is not to challenge the visitor at all if not needed, and if needed, present the lowest intrusive challenge that reCAPTCHA provides.
Grav Forms are not mandatory to use. I haven’t used Grav Forms myself for any form I use on my websites.
For me as a developer, it is quite simple to create a plugin presenting a custom form:
- that uses the clients preferred layout and style,
- that handles the cleansing/validation of data submitted,
- handles the business logic for the form (email, storage, …)
- presents a custom summary or ‘Thank you’ message
- using your own reCAPTCHA or alternative
- …and just anything else you would like a form to look like or behave…
Simplicity and flexibility are just a few of Grav’s strengths…